Ansible roles: distributed LNMP deployment
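1. What roles are for
To organize playbooks hierarchically and structurally, Ansible uses roles. Roles automatically load variable files, tasks, handlers and so on according to a layered directory structure. Put simply, a role places variables, files, tasks, modules and handlers in separate directories and makes it easy to include them. Roles are generally used when building services on a per-host basis, but they can also be used for scenarios such as building daemons.
2. Directory structure of roles (not present by default)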
[root@ansible ansible]# tree /etc/ansible/roles/
/etc/ansible/roles/
├── mysql
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
│       └── main.yml
├── nginx
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   │   ├── default.conf
│   │   ├── index.php
│   │   ├── mysql.php
│   │   └── nginx.repo
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
│       └── main.yml
└── php
    ├── defaults
    │   └── main.yml
    ├── files
    │   ├── php-ini
    │   └── www.conf
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   └── main.yml
    ├── templates
    └── vars
        └── main.yml
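3. Meaning of each directory in a role
●files
Holds the files used by the copy module or the script module.
●templates
Holds Jinja2 templates; the template module automatically looks for Jinja2 template files in this directory.
●tasks
This directory should contain a main.yml file that defines the role's task list; the file can use include to pull in other task files located in this directory.
●handlers
This directory should contain a main.yml file that defines the actions this role runs when a trigger condition fires.
●vars
This directory should contain a main.yml file that defines the variables used by this role.
●defaults
This directory should contain a main.yml file that sets default variables for the role.
●meta
This directory should contain a main.yml file that defines the role's special settings and its dependencies.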
4. Building LNMP with roles
4.1 Create the roles directory
It already exists by default once Ansible has been installed with yum
[root@ansible ~]# ls /etc/ansible/
ansible.cfg hosts roles
[root@ansible ~]# cd /etc/ansible/
[root@ansible ansible]# cd roles/
[root@ansible roles]# ll
總用量 0
4.2 Create the global variables directory
[root@ansible roles]# mkdir -p /etc/ansible/group_vars/
[root@ansible roles]# touch /etc/ansible/group_vars/all
The file name is your own choice; take care when using it
4.3 Create a directory named after each role in the roles directory
mkdir /etc/ansible/roles/nginx
mkdir /etc/ansible/roles/mysql
mkdir /etc/ansible/roles/php
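4.4 Create the working directories inside each role directory
In each role directory, create the files, handlers, tasks, templates, meta, defaults and vars directories. Directories that are not needed can be created empty or left out.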
mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta}
mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta}
mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta}
4.5 Create the main.yml files
Create a main.yml file in the handlers, tasks, meta, defaults and vars directories of each role; the file name must not be changed.
touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml
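4.6 Edit site.yml so that different hosts call different roles
vim /etc/ansible/site.yml
---
# One play per inventory group; each play applies the role of the same purpose
- hosts: web
  remote_user: root
  roles:
    - nginx
- hosts: mysql
  remote_user: root
  roles:
    - mysql
- hosts: php
  remote_user: root
  roles:
    - php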
4.7 Edit the inventory file
vim /etc/ansible/hosts
[web]
node1
[mysql]
node2
[php]
node3
4.8 The nginx role
4.8.1 Write the tasks file
vim /etc/ansible/roles/nginx/tasks/main.yml
---
# Install nginx from the nginx.org repo, deploy the config and test pages,
# then export the web root over NFS so the PHP node can mount it
- name: create nginx_yum
  copy: src=/etc/ansible/roles/nginx/files/nginx.repo dest=/etc/yum.repos.d/nginx.repo
- name: install nginx
  yum: name={{pkg}} state=latest
- name: modify configuration file
  copy: src=/etc/ansible/roles/nginx/files/default.conf dest=/etc/nginx/conf.d/default.conf
- name: start nginx
  service: enabled=true name={{svc}} state=started
- name: create php_test web
  copy: src=/etc/ansible/roles/nginx/files/index.php dest=/usr/share/nginx/html/index.php
- name: create mysql_test web
  copy: src=/etc/ansible/roles/nginx/files/mysql.php dest=/usr/share/nginx/html/mysql.php
- name: install nfs
  yum: name=nfs-utils state=present
- name: nfs_share
  copy: content="/usr/share/nginx/html/ 192.168.10.0/24(rw)" dest=/etc/exports
- name: start nfs
  service: name=nfs state=restarted enabled=yes
4.8.2 Define variables
Variables can be defined globally or as role variables; they are usually defined as role variables.
vim /etc/ansible/roles/nginx/vars/main.yml
pkg: nginx
svc: nginx
4.8.3 Prepare the nginx.repo file
vim /etc/ansible/roles/nginx/files/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
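The repository file above turns off package signature checking (gpgcheck=0) and uses a plain HTTP baseurl, so yum installs whatever the network path delivers. A variant of the "create nginx_yum" step that makes yum verify nginx packages, as an added example that is not part of the original article; it swaps the copy task for the rpm_key and yum_repository modules and uses the signing key published by nginx.org:

```yaml
---
# Added example: replaces the "create nginx_yum" copy task in
# /etc/ansible/roles/nginx/tasks/main.yml. {{ pkg }} is the role variable from 4.8.2.

# Import the nginx.org package signing key into the RPM keyring
- name: import nginx signing key
  rpm_key:
    key: https://nginx.org/keys/nginx_signing.key
    state: present

# Write /etc/yum.repos.d/nginx.repo with signature checking enabled
- name: create nginx_yum with gpgcheck
  yum_repository:
    name: nginx-stable
    description: nginx stable repo
    file: nginx                  # produces nginx.repo, same path as the copied file
    baseurl: https://nginx.org/packages/centos/7/$basearch/
    gpgcheck: yes                # reject packages that are unsigned or signed by another key
    gpgkey: https://nginx.org/keys/nginx_signing.key
    enabled: yes

# Install nginx; disable_gpg_check is spelled out so nobody flips it silently
- name: install nginx
  yum:
    name: "{{ pkg }}"
    state: latest
    disable_gpg_check: no
```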
4.8.4 Prepare the nginx configuration file default.conf
Uncomment the location ~ \.php$ block,
change fastcgi_pass to the IP and port of the PHP node,
and change fastcgi_param to SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
egrep -v ^' '*# /etc/ansible/roles/nginx/files/default.conf | grep -v '^$'
server {
    listen 80;
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~ \.php$ {
        root html;
        fastcgi_pass 192.168.10.5:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
        include fastcgi_params;
    }
}
4.8.5 Prepare the test pages
index.php (tests the connection between PHP and nginx)
vim /etc/ansible/roles/nginx/files/index.php
<?php
phpinfo();
?>
mysql.php (tests the connection between PHP and MySQL)
vim /etc/ansible/roles/nginx/files/mysql.php
<?php
$link=mysqli_connect('192.168.10.4','root','Admin@123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>
4.9 The mysql role
Write the tasks file
vim /etc/ansible/roles/mysql/tasks/main.yml
---
# Replace mariadb with MySQL 5.7, set the root password, allow remote root
# logins, then export the data directory over NFS
- name: clean mariadb
  yum: name=mariadb state=absent
- name: get mysql download source
  command: wget -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
  #get_url: url=http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm dest=/etc/yum.repos.d/mysql57-community-release-el7-10.noarch.rpm
- name: install mysql5.7
  yum: name=mysql57-community-release-el7-10.noarch.rpm
- name: install mysql-community-server
  yum: name=mysql-community-server state=latest
- name: start mysql
  service: enabled=true name=mysqld state=started
# The initial root password is read from the first "password" line of mysqld.log
- name: change passwd
  shell: mysqladmin -u root -p"$(grep "password" /var/log/mysqld.log | awk 'NR==1{print $NF}')" password 'Admin@123'
  ignore_errors: yes
- name: grant privileges
  command: mysql -uroot -p"Admin@123" -e 'grant all privileges on *.* to root@"%" identified by "Admin@123" with grant option;'
- name: flush privileges
  command: mysql -uroot -p"Admin@123" -e 'flush privileges;'
- name: stop auto-update
  yum: name=mysql57-community-release-el7-10.noarch state=absent
- name: install nfs
  yum: name=nfs-utils state=present
- name: nfs_share
  copy: content="/var/lib/mysql/ 192.168.10.0/24(rw)" dest=/etc/exports
- name: start nfs
  service: name=nfs state=restarted enabled=yes
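The tasks above keep the root password Admin@123 in the task file and grant root access from any host ("%"). A variant of the password tasks that reads the password from the group_vars/all file created in 4.2 and limits the grant to the PHP node, as an added example that is not part of the original article; the variable names mysql_root_password and php_host are assumptions:

```yaml
---
# Added example, file 1: /etc/ansible/group_vars/all (the file created in 4.2).
# Encrypt it before it is stored anywhere shared:
#   ansible-vault encrypt /etc/ansible/group_vars/all
# mysql_root_password and php_host are assumed names, not from the article.
mysql_root_password: "REPLACE_WITH_YOUR_OWN_PASSWORD"   # placeholder value
php_host: 192.168.10.5                                   # PHP node, as used in fastcgi_pass

---
# Added example, file 2: password tasks for /etc/ansible/roles/mysql/tasks/main.yml
# The password must not contain quote characters, because it is embedded in SQL below.

# Same mysqladmin call as the article, with the new password taken from the vault
- name: change passwd
  shell: >-
    mysqladmin -u root
    -p"$(grep 'password' /var/log/mysqld.log | awk 'NR==1{print $NF}')"
    password {{ mysql_root_password | quote }}
  no_log: true            # keep both passwords out of Ansible output and logs
  ignore_errors: yes

# Grant to root from the PHP node only, instead of root@"%";
# "with grant option" is dropped in this variant
- name: grant privileges to the php host only
  command: >-
    mysql -uroot -p{{ mysql_root_password | quote }} -e
    "grant all privileges on *.* to 'root'@'{{ php_host }}'
    identified by '{{ mysql_root_password }}';"
  no_log: true
```

Run the playbook with `ansible-playbook site.yml --ask-vault-pass` so the encrypted variables file can be decrypted at run time.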
4.10 The php role
4.10.1 Write the tasks file
vim /etc/ansible/roles/php/tasks/main.yml
---
# Install PHP 7.2 from the webtatic repo, deploy its config, and mount the
# nginx web root and the MySQL data directory over NFS
- name: get epel download source
  command: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- name: get webtatic download source
  command: rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
- name: install php7.2
  command: yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-redis
- name: modify www.conf
  copy: src=/etc/ansible/roles/php/files/www.conf dest=/etc/php-fpm.d/www.conf
- name: modify php.ini
  copy: src=/etc/ansible/roles/php/files/php-ini dest=/etc/php.ini
- name: create nginx directory
  file: path=/usr/share/nginx/html/ state=directory mode=777 recurse=yes
- name: create mysql directory
  file: path=/var/lib/mysql/ state=directory mode=777 recurse=yes
- name: install nfs
  yum: name=nfs-utils state=present
- name: mount nginx
  mount: src=192.168.10.3:/usr/share/nginx/html/ path=/usr/share/nginx/html/ fstype=nfs state=mounted
- name: mount mysql
  mount: src=192.168.10.4:/var/lib/mysql/ path=/var/lib/mysql/ fstype=nfs state=mounted
- name: start php
  service: name=php-fpm enabled=true state=started
4.10.2 Prepare the www.conf file
Change the listen IP and port to 0.0.0.0:9000
Set listen.allowed_clients = 192.168.10.3, the IP address of the nginx node
egrep -v "^;|^$" /etc/ansible/roles/php/files/www.conf
[www]
user = apache
group = apache
listen = 0.0.0.0:9000
listen.allowed_clients = 192.168.10.3
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
4.10.3 Prepare the php.ini file
Line 877: set date.timezone = Asia/Shanghai
Line 1097: set mysqli.default_socket = /var/lib/mysql/mysql.sock
egrep -v "^;|^$" /etc/ansible/roles/php/files/php-ini
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = Asia/Shanghai
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
sendmail_path = /usr/sbin/sendmail -t -i
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket = /var/lib/mysql/mysql.sock
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[Assertion]
zend.assertions = -1
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[curl]
[openssl]
4.11 Run the site.yml playbook
cd /etc/ansible
ansible-playbook site.yml
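4.12 Visit the test pages
Visit 192.168.10.3 to test nginx
Visit 192.168.10.3/index.php to test the connection between PHP and nginx
Visit 192.168.10.3/mysql.php to test the connection between PHP and MySQL
The roles directory structure is now in place as well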